@theRemix
Last active February 17, 2021 15:19
Openssl Encryption

Encryption to external

This guide will help you NEVER send secrets / keys / highly sensitive information in plaintext.

This method is meant for sending secrets to other moderately technical people; they just need some familiarity with the CLI.

Send the encrypted message, and instructions, to the receiver. Then send the decryption password via almost any other channel: Slack, SMS, verbally, etc. See below for an example of an email with instructions.

All internal encryption uses Keybase

Encrypting single line secrets

Ex: secret message is fox, decryption password is bear. Note: the -n flag to echo suppresses the trailing newline. You don’t have to use it, and sometimes it looks nicer without it, though if this command is used in automation, you definitely want -n.

OSX / Linux / Win(wsltty)

echo -n "fox" | openssl enc -e -aes-256-cbc -a -salt -md sha256

Windows powershell

without openssl.exe in path

echo "fox" | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' enc -aes-256-cbc -a -salt -md sha256

with openssl.exe in path

echo "fox" | & openssl.exe enc -aes-256-cbc -a -salt -md sha256

Output

the encrypted message:

U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=

Decrypting single line secrets

Ex: decryption password is bear, secret message is fox

OSX / Linux / Win(wsltty)

echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | \
  openssl aes-256-cbc -a -d -salt -md sha256

Windows powershell

without openssl.exe in path

 echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' aes-256-cbc -a -d -salt -md sha256 

with openssl.exe in path

 echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | & openssl.exe aes-256-cbc -a -d -salt -md sha256

Output

the decrypted message:

fox
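
Why `-md sha256` has to appear on both the encrypt and the decrypt command: the following is an added Python sketch, not part of the original gist, that parses the `Salted__` layout of the ciphertext shown above and runs OpenSSL's legacy password-to-key derivation (EVP_BytesToKey, used when `-pbkdf2` is not given) with two different digests. The function names are illustrative; the ciphertext and the password bear are the page's own example values.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte header written by `openssl enc -salt`

def parse_salted(b64_text):
    """Split `openssl enc -a -salt` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if raw[:8] != MAGIC:
        raise ValueError("missing Salted__ header")
    salt, ciphertext = raw[8:16], raw[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not whole AES blocks")
    return salt, ciphertext

def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16):
    """Legacy OpenSSL derivation: D_i = H(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

# Ciphertext copied from this page; "bear" is the page's example password.
SAMPLE = "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc="

def compare_digests(b64_text=SAMPLE, password=b"bear"):
    """Derive the AES-256-CBC key and IV under sha256 and under md5."""
    salt, ciphertext = parse_salted(b64_text)
    keys = {d: evp_bytes_to_key(password, salt, d) for d in ("sha256", "md5")}
    return salt, ciphertext, keys

if __name__ == "__main__":
    salt, ciphertext, keys = compare_digests()
    print("salt:", salt.hex(), "| ciphertext bytes:", len(ciphertext))
    for digest, (key, iv) in keys.items():
        print(f"{digest:7} key={key.hex()} iv={iv.hex()}")
```

The same password and salt produce a different key and IV under each digest, so a receiver whose OpenSSL build defaults to a different digest than the sender's cannot decrypt unless both commands name the digest explicitly.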

Encrypting secret file

Ex: secret file is auth.json, encrypted filename is auth.json.enc, decryption password is bear

OSX / Linux / Win(wsltty)

cat auth.json | openssl enc -e -aes-256-cbc -a -salt -md sha256 > auth.json.enc

Windows powershell

without openssl.exe in path

cat auth.json | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' enc -e -aes-256-cbc -a -salt -md sha256 > auth.json.enc

with openssl.exe in path

cat auth.json | & openssl.exe enc -e -aes-256-cbc -a -salt -md sha256 > auth.json.enc

Output

a new file named **auth.json.enc** containing the encrypted message:

U2FsdGVkX1+Ek0i0xoTjWsixnr0o5UvDL/aad9ALvm/KImDonHD5zUSe53vBNGyc

Decrypting secret file

Ex: secret file is auth.json, encrypted filename is auth.json.enc, decryption password is bear

OSX / Linux / Win(wsltty)

cat auth.json.enc | openssl aes-256-cbc -a -d -salt -md sha256 > auth.json

Windows powershell

without openssl.exe in path

cat auth.json.enc | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' aes-256-cbc -a -d -salt -md sha256 > auth.json

with openssl.exe in path

cat auth.json.enc | & openssl.exe aes-256-cbc -a -d -salt -md sha256 > auth.json

Output

a file named auth.json is created containing the decrypted message:

{
  "secret": "fox"
}

Email message to send a single line secret

Hello person,

Here is the secret token that you need.

Run one of the following commands to decrypt the secret token. You will be prompted for a password; call or send me a text message at 111.222.3333 and I will give you the password.

Instructions for Windows

Run one of these commands in PowerShell; you need openssl installed. (You can install it here: https://slproweb.com/products/Win32OpenSSL.html, Win64 OpenSSL v1.1.1c Light EXE)

If openssl is in your path:

 echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | & openssl.exe aes-256-cbc -a -d -salt -md sha256

otherwise, use the explicit path to the installed executable openssl.exe :

 echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' aes-256-cbc -a -d -salt -md sha256 

If you have “Git Bash” or wsltty, you can use the instructions for OSX/Linux

Instructions for OSX/Linux/Windows (Git Bash/Wsltty)

Run this command in a terminal:

echo "U2FsdGVkX19y7bQR5v5NE2ptL+qwGUIncZY0ONm/Vbc=" | \
  openssl aes-256-cbc -a -d -salt -md sha256

Email message to send a secret file

Hello person,

I have attached the encrypted auth.json.enc file that you need.

Run one of the following commands to decrypt the file. You will be prompted for a password; call or send me a text message at 111.222.3333 and I will give you the password.

Once it’s decrypted, a new file will be created named auth.json

Download the attached auth.json.enc file, then navigate to its location in your terminal.

Instructions for Windows

Run one of these commands in PowerShell; you need openssl installed. (You can install it here: https://slproweb.com/products/Win32OpenSSL.html, Win64 OpenSSL v1.1.1c Light EXE)

If openssl is in your path:

cat auth.json.enc | & openssl.exe aes-256-cbc -a -d -salt -md sha256 > auth.json

otherwise, use the explicit path to the installed executable openssl.exe :

cat auth.json.enc | & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' aes-256-cbc -a -d -salt -md sha256 > auth.json

If you have “Git Bash” or wsltty, you can use the instructions for OSX/Linux

Instructions for OSX/Linux/Windows (Git Bash/Wsltty)

Run this command in a terminal:

cat auth.json.enc | openssl aes-256-cbc -a -d -salt -md sha256 > auth.json